|
|
| (12 intermediate revisions by 5 users not shown) |
| Line 1: |
Line 1: |
| = The APKINDEX.tar.gz format =
| | #REDIRECT [[Apk_spec]] |
| | |
| From apk-tools-2.0_pre15 there was added support for package signing. The caused the index format to chage, as it needs to contain a signature for the repository. This document explains how the new index works and how it is created.
| |
| | |
| == Creating APKINDEX.tar.gz ==
| |
| The APKINDEX.tar.gz is created by concatenating 2 other tar.gz files, signature.tar.gz and APKINDEX.unsigned.tar.gz.
| |
| | |
| <pre>cat signature.tar.gz APKINDEX.unsigned.tar.gz</pre>
| |
| | |
| === Creating signature.tar.gz ===
| |
| First we create a signature file for APKINDEX.unsigned.tar.gz, using our private key.
| |
| <pre>openssl dgst -sha1 sign ''privatekeyfile'' -out .SIGN.RSA.''nameofpublickey'' APKINDEX.unsigned.tar.gz</pre>
| |
| | |
| Then we put this in a tar file, without the ''end-of-tar'' record at the end of the file. This is because we will concatenate this tar archive with the index tar archive.
| |
| <pre>tar -c .SIGN.RSA.''nameofpublickey'' | abuild-tar --cut | gzip -9 > signature.tar.gz</pre>
| |
| | |
| === Creating APKINDEX.unsigned.tar.gz ===
| |
| The APKINDEX.unsigned.tar.gz is an old 1.9 style index file in a tar archive. This is created with:
| |
| | |
| <pre>apk index -o APKINDEX.unsigned.tar.gz *.apk</pre>
| |